BIND9 Latency

[James Gray]

On 27/09/2006, at 4:58 AM, Tom Smith wrote:

> The problem is that it seems to time out quite frequently when  
> resolving
> non-local domain names--that is, it times out when resolving Internet
> domain name... It always works when resolving internal names. The only
> way I've found, so far, to resolve this is to restart the bind9  
> service.
>
> There are no errors in any of the logs (that I can find) and there  
> don't
> appear to be any other anomalies occurring when the problem crops up.
>
> Can anyone offer any suggestions as to what might be going on or  
> ways of
> tracking down this problem?

Have you specified a forwarding name server in the /etc/named.conf  
file?  You might also be hitting some firewall issues, so you might  
want to play with the source address/port that bind uses.

Another thing I've seen with bind servers that can cause these  
symptoms is accidentally imposing a non-recursive restriction to  
internal users.  It's a good thing to restrict recursive queries to  
trusted/LAN hosts - otherwise anyone can point their resolver at your  
DNS server and get it to resolve anything.  Non-recursive queries to  
untrusted hosts will mean they can ask your DNS server anything about  
the domains it is master/slave for, but any other domain will result  
in a "ask someone else" response :)

Failing all that, maybe run the named daemon in the foreground with  
debugging turned on.  This will stop it forking to the background and  
show you all manner of info about what is happenning with queries,  
forwards, and zone synchronisation.  Dumping the output to a log file  
is helpful too (use a shell redirect, then "tail -f <logfile>" from  
another terminal).

> Thanks in advance for your help!

I could probably help more if I saw your /etc/named.conf file  
(sanitised of sensitive info of course).

Cheers,

James